[tor-bugs] #26520 [Applications/Tor Browser]: NoScript is broken with TOR_SKIP_LAUNCH=1 in ESR 60-based Tor Browser

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun Aug 19 13:15:41 UTC 2018


#26520: NoScript is broken with TOR_SKIP_LAUNCH=1 in ESR 60-based Tor Browser
--------------------------------------------+------------------------------
 Reporter:  gk                              |          Owner:  tbb-team
     Type:  defect                          |         Status:
                                            |  needs_revision
 Priority:  Very High                       |      Milestone:
Component:  Applications/Tor Browser        |        Version:
 Severity:  Normal                          |     Resolution:
 Keywords:  ff60-esr, TorBrowserTeam201808  |  Actual Points:
Parent ID:                                  |         Points:
 Reviewer:                                  |        Sponsor:
--------------------------------------------+------------------------------

Comment (by intrigeri):

 Replying to [comment:13 rustybird]:
 > Replying to [comment:12 intrigeri]:
 > > * I don't know how to test whether "the communication between
 Torbutton and NoScript" works.
 >
 > The symptom to look out for is JavaScript //not// working on websites
 even though it should be enabled, especially in the default state after
 installation. If you start a fresh browser and don't open the Torbutton
 Security Settings dialog at all, the slider level defaults to Standard, so
 JavaScript should be enabled - but:
 >
 > - situation on vanilla 8.0a9 and 8.0a10: You can only make JavaScript
 work if you move the slider away from Standard to Safer or Safest, confirm
 with OK, and then move it back to Standard again

 Thanks for the detailed explanation :)

 OK, so in Tails the browser homepage is https://tails.boum.org/home/. It
 does use JavaScript sometimes, and thankfully for the purpose of debugging
 this problem, we're currently in the (rather rare) situation where it does
 run some JS in a way that can trivially be noticed. So I could confirm
 that this piece of JS does run just fine on our homepage when starting Tor
 Browser 8.0a10 in Tails. Then, FWIW, I immediately set the security slider
 to "safest", reloaded the home page, and confirmed that our JS was not run
 this time. So I think the use cases we care about at Tails are not
 affected => no need for an AffectsTails keyword.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26520#comment:15>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list